Ghimob banking trojan targeting hundreds of Android apps

A Brazil-based threat group is responsible for deploying the Ghimob banking trojan in multiple countries.


Kaspersky Labs’ Global Research and Analysis Team (GReAT) has uncovered details of a new banking trojan, which they believe is deployed by a Brazilian threat group dubbed Guildma.


The trojan is named Ghimob. It is a Remote Access Trojan that infects Android mobile devices through emails disguised as being related to debt payment.


The campaign was identified only four months after Tetrade, a group of four banking trojans also deployed by Brazilian threat actors, which mainly targeted financial institutions in Latin America, Brazil, and Europe.




Kaspersky researchers claim that the same criminals are trying to expand their operations by infecting mobile devices in Europe, Latin America, and possibly the USA with spyware. However, it is worth noting that the trojan is hosted on third-party domains and not on the Google Play Store.

The primary targets of Ghimob are financial apps from fintech firms, banks, cryptocurrencies, and exchanges located in Brazil, Peru, Paraguay, Portugal, Angola, Germany, and Mozambique.



“Ghimob is the first Brazilian mobile banking trojan ready to expand and target financial institutions and their customers living in other countries. The Trojan is well prepared to steal credentials from banks, fintech, exchanges, crypto-exchanges, and credit cards from financial institutions operating in many countries,” researchers noted.



Guildma uses a tried-and-tested modus operandi of phishing emails to distribute malware and lures unsusp ..
